Date: Sun, 28 Mar 2004 12:58:54 -0800 (PST)
From: JP <planoprez@yahoo.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Firewall + Sendmail...how to make them happy...
Message-ID: <20040328205854.43371.qmail@web40111.mail.yahoo.com>

Hi,

I have just got my firewall up and running. Everything is running great except for inbound sendmail connections. It appears my firewall is blocking port 25 traffic. I can telnet localhost 25 and it works fine internally. From the outside world, all I get is a connection refused. Can someone tell me what I am doing wrong please.

Here is a copy of my firewall config file:

# Define the firewall command (as in /etc/rc.firewall) for easy reference.
#Helps to make it easier to read.
fwcmd="/sbin/ipfw"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via tun0

# Allow all data from my network card and localhost. Make sure you change
#your network card (mine was xl0) before you reboot. :)
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via dc0
$fwcmd add allow ip from any to any via ed0

# Allow all connections that I initiate.
$fwcmd add allow tcp from any to any out xmit tun0 setup

# Once connections are made, allow them to stay open.
$fwcmd add allow tcp from any to any via tun0 established

# Everyone on the internet is allowed to connect to the following services
#on the machine. This example shows that people may connect to ssh and
#apache.
$fwcmd add allow tcp from any to any 5800 setup #VNC Services
$fwcmd add allow tcp from any to any 5900 setup #VNC Services
$fwcmd add allow tcp from any to any 4661 setup #Edonkey 2000
$fwcmd add allow tcp from any to any 4662 setup #Edonkey 2000
$fwcmd add allow udp from any to any 4665 setup #Edonkey 2000
$fwcmd add allow udp from any to any 11611 setup #Edonkey 2000
$fwcmd add allow tcp from any to any 1214 setup #Kazaa
$fwcmd add allow tcp from any to any 23 setup
$fwcmd add allow tcp from any to any 80 setup
$fwcmd add allow tcp from any to any 22 setup
$fwcmd add allow tcp from any to any 21 setup
$fwcmd add allow udp from any to any 21 setup
$fwcmd add allow tcp from any to any 110 setup
$fwcmd add allow udp from any to any 110 setup
$fwcmd add allow tcp from any to any 25 setup
$fwcmd add allow udp from any to any 25 setup

# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to any 113 in recv tun0

# Allow outgoing DNS queries ONLY to the specified servers.
$fwcmd add allow udp from any to xx.xx.x.x 53 out xmit tun0

# Allow them back in with the answers... :)
$fwcmd add allow udp from xx.xx.x.x 53 to any in recv tun0

# Allow ICMP (for ping and traceroute to work). You may wish to disallow
#this, but I feel it suits my needs to keep them in.
$fwcmd add 65435 allow icmp from any to any

# Deny all the rest.
$fwcmd add 65435 deny log ip from any to any
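
An added example, not part of the original message: a small static check over an ipfw rule script of the kind posted above. It flags udp rules that carry `setup` (ipfw's `setup` matches TCP packets with SYN set and no ACK, so it cannot apply to UDP) and lists TCP ports accepted from any source with no interface restriction. `lint_ipfw`, `SAMPLE_RULES` and the finding labels are names made up for this example, and the sample is a constructed excerpt in the shape of the posted rules.

```shell
#!/bin/sh
# Added example; lint_ipfw and the finding labels are hypothetical names.
# SAMPLE_RULES is a constructed excerpt in the shape of the posted rule script.
SAMPLE_RULES='$fwcmd add allow tcp from any to any out xmit tun0 setup
$fwcmd add allow tcp from any to any 25 setup
$fwcmd add allow udp from any to any 25 setup
$fwcmd add allow tcp from any to any 5900 setup #VNC Services
$fwcmd add allow udp from any to xx.xx.x.x 53 out xmit tun0
$fwcmd add 65435 deny log ip from any to any'

# lint_ipfw: read rule lines on stdin, print one finding per line:
#   UDP_SETUP <line> <port>  udp rule using the TCP-only "setup" keyword
#   OPEN_TCP  <line> <port>  tcp port allowed from any source on any interface
lint_ipfw() {
  awk '
    { sub(/#.*/, "") }                  # strip shell comments
    $2 != "add" { next }                # only "$fwcmd add ..." lines
    {
      i = 3
      if ($i ~ /^[0-9]+$/) i++          # optional explicit rule number
      action = $i; i++
      if ($i == "log") i++              # optional "log" keyword
      proto = $i
      src = ""; dst = ""; port = ""; has_setup = 0; scoped = 0
      for (j = i + 1; j <= NF; j++) {
        if ($j == "from") src = $(j + 1)
        if ($j == "to") {
          dst = $(j + 1)
          if ($(j + 2) ~ /^[0-9]+$/) port = $(j + 2)
        }
        if ($j == "setup") has_setup = 1
        if ($j == "via" || $j == "recv" || $j == "xmit") scoped = 1
      }
      if (proto == "udp" && has_setup) print "UDP_SETUP", NR, port
      if (action == "allow" && proto == "tcp" && src == "any" &&
          dst == "any" && port != "" && !scoped)
        print "OPEN_TCP", NR, port
    }'
}

# Run the check over the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | lint_ipfw
```

To check a real rule file, feed it on standard input: `lint_ipfw < /path/to/rules`, where the path is whatever file holds the `$fwcmd add ...` lines.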